Multiple IBM MQ Operator Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-1333 CVSS:6

IBM MQ Container, when used with the IBM MQ Operator LTS, MQ Operator CD, and MQ Operator and configured with Cloud Pak for Integration Keycloak, could allow a remote attacker to obtain sensitive information.

CVE-2025-27365 CVSS:6.5

IBM MQ Operator is vulnerable to a denial of service, caused by a use-after-free error. By connecting the client to a MQ Queue Manager, an attacker could cause a SIGSEGV in the AMQRMPPA channel process terminating it.

Impact

Information Disclosure
Denial of Service

Indicators of Compromise

CVE

CVE-2025-1333
CVE-2025-27365

Affected Vendors

Affected Products

IBM MQ Operator - 2.0.0 LTS - 3.0.0 - 3.0.1 - 3.1.0 - 3.1.3 - 3.4.0 - 3.5.0 - 3.5.1 CD - 3.2.0 SC2

Remediation

Refer to IBM Security Advisory for patch, upgrade, or suggested workaround information.

IBM Security Advisory

CVE-2025-4093 – Mozilla Firefox Vulnerability

Mirai Botnet aka Katana – Active IOCs

Multiple IBM MQ Operator Vulnerabilities

Severity

Medium

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan